Описание
Versions of the package nossrf before 1.0.4 are vulnerable to Server-Side Request Forgery (SSRF) where an attacker can provide a hostname that resolves to a local or reserved IP address space and bypass the SSRF protection mechanism.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.4 (исключая)
cpe:2.3:a:nossrf_project:nossrf:*:*:*:*:*:*:*:*
EPSS
Процентиль: 34%
0.00141
Низкий
8.2 High
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-918
CWE-918
Связанные уязвимости
EPSS
Процентиль: 34%
0.00141
Низкий
8.2 High
CVSS3
9.1 Critical
CVSS3
Дефекты
CWE-918
CWE-918